100 million social media accounts hacked, up for sale on dark web marketplace

Account credentials belonging to more than 100 million users of VK.com (Russia’s equivalent to Facebook) are up for sale on a dark web marketplace.

Well-known breach notification site LeakedSource recently obtained the data dump and published its analysis, Motherboard reports. In total, roughly 171 million accounts including first and last names, e-mail addresses, phone numbers and passwords were compromised although only 100,544,934 are being sold at this time.

Prolific Russian hacker “Peace” is apparently responsible for the data set. If you recall, this is the same entity that recently posted LinkedIn, Tumblr and Myspace account data up for sale.

Peace claims the accounts were already in plain text and thus, didn’t have to be cracked (not exactly following best practices, VK). The 100 million accounts currently up for sale command one Bitcoin, or roughly $575 based on current exchange rates.

Motherboard randomly selected 100 accounts and found that 92 correspond to active accounts on the site.

As was the case with the other breaches, this data is a bit old. According to Peace, the site was breached sometime between 2011 and 2013 with the data being provided by someone using the handle “Tessa88.”

LeakedSource’s analysis notes that “123456” was the most popular password in the data dump, used 709,067 times. Other popular choices include “qwerty” and “123123.” Betty White would not approve. The majority of e-mail addresses used the “@mail.ru” domain.

A spokesperson for VK told Motherboard on Monday that the site hadn’t been breached and that the “old logins/passwords” were collected by fraudsters in 2011 and 2012. Nevertheless, all users’ data mentioned in the database has been changed.